JPH0997215A - Secret information communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To share information from plural information sources and to prevent illegal access to information while transmitting the information to plural recipients, concerning a secret information communication system for providing plane sentence information from a user terminal to a proper user while using an enciphered sentence and a cryptographic key. SOLUTION: In the case of accessing the enciphered sentence and cryptographic key of a user (a) from a reception side user terminal 22 to a center 1 when the enciphered sentence and cryptographic key are registered from a transmission side user terminal 21 to the center 1, according to a request from the center 1, the user identification information of a user (b) himself/herself at the reception side user terminal 22 is sent out and when the user (b) on the reception side can access the enciphered sentence corresponding to user managing information from the transmission side user terminal 21, registered user identification information is collated with the user identification information inputted from the reception side user terminal 22 and both the information are coincident with each other, the center 1 allows the access to the enciphered sentence and cryptographic key.

Description

Detailed Description of the Invention

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a secret information communication system, and more particularly to a secret information communication system for providing plaintext information from a user terminal to a legitimate user using a ciphertext and an encryption key.

[0001]

2. Description of the Related Art Conventionally, Japanese Patent Laid-Open No. 2-75038
As described in Japanese Patent Publication No. JP-A-2003-264, in order for the user to read the information in the storage medium in the information reproducing apparatus (user terminal), the user's own identifier and the identifier for specifying the storage medium are provided from the information reproducing apparatus. It is transmitted to the information management device (center).

In the information management device, it is judged whether the request from the user is valid or not from the received identifier,
If it is valid, the key of the ciphertext stored in the management table is specified by the identifier of the storage medium and transmitted to the information reproducing apparatus.

In the information reproducing apparatus, a system has been proposed in which the ciphertext is reproduced from the storage medium, the ciphertext is decrypted by the transmitted cipher key, and the plaintext is provided to the user.

[0004]

However, in the above-mentioned conventional technique, when a plurality of information reproducing devices are connected to the information managing device, the information reproducing device stores the ciphertext, and therefore the information reproducing device is stored. There is a problem that the cipher text may be shared between the users, and the storage medium stored in the information reproducing device is provided to the user by mistake or intentionally.

Therefore, it is an object of the present invention to share information from a plurality of information sources and transmit the information to a plurality of recipients while preventing unauthorized access to the information.

[0006]

In order to achieve the above object, in the confidential information communication system according to the present invention, the center stores the encryption key, and the user identification information transmitted from the user terminal is valid. Not only is it determined whether or not the encryption key is transmitted to the user terminal, but also the ciphertext is collectively stored at the center and the same management as the encryption key is attempted. You can take steps.

[1] According to the present invention, a user management information input function for restricting a user who can access a ciphertext and an encryption key from a plurality of users, and a plaintext encryption processing function and a decryption processing function are provided. It is composed of a user terminal that it has and a center in which user identification information corresponding to each user is registered in advance, and when the user's ciphertext and encryption key are registered in the center from the sending user terminal, the receiving side When accessing the ciphertext and the encryption key from the user terminal to the center, the user identification information of the user of the receiving user terminal itself is transmitted according to the request from the center, and the center The ciphertext can be accessed by the receiving user with the user management information from the sending user terminal, and the registered user identification information and the received user terminal are input. user If a match is collated with another information, it has allowed access dark ciphertext and encryption key.

That is, the center registers the user identification information of the user group consisting of a plurality of users in advance, and when the ciphertext and the cipher key are registered from the sending user terminal to the center, the ciphertext and the cipher key. Register the user management information that restricts the users who can access.

When the user accesses the ciphertext and the encryption key from the receiving user terminal to the center, the user's own user identification information is sent from the user terminal to the center and registered at the center. By comparing the user identification information corresponding to the user who can access the ciphertext with the user management information and is registered in the center with the user identification information input from the user terminal. If they match, access to the ciphertext and encryption key is permitted.

Since the center and all the user terminals have the above functions, the information from the plurality of user terminals is shared in the center, and while providing the information to the plurality of user terminals, it is not appropriate for the information. Secure access,
It becomes possible to keep information confidential.

[2] According to the present invention, in the above-mentioned [1], when the center separately manages access to the ciphertext and the cipher key, and when the plaintext is cipher processed by the sending user terminal, the ciphertext is encrypted. When adding the identifier of the encryption key to the text and registering it in the center and obtaining the plaintext from the receiving user terminal, first access the ciphertext to the center and then add it to the ciphertext. The encryption key corresponding to the generated identifier can be accessed to the center.

[3] In the present invention, in the above-mentioned [1], the ciphertext is separately managed by the center while the ciphertext and the cipher key are separately managed, and the ciphertext is registered when the ciphertext from the sender user terminal is registered. When the plaintext is obtained from the receiving side user terminal by adding the encryption key identifier to, the ciphertext is first accessed to the center, and then the ciphertext is associated with the identifier added to the ciphertext. The encryption key can be accessed to the center.

[4] In the present invention according to any one of the above [1] to [3], the user terminal has a random number generating function, and the sending user terminal uses the random number instead of the encryption key. It may be generated and used.

[5] In the present invention, in any one of the above [1] to [4], the plaintext is encrypted and registered from the sending user terminal to the center, or is not encrypted. In the case where the user terminal has a function of selecting whether to register in plain text at, and when the plain text is registered in the center from the sending user terminal without performing the encryption processing,
A signal of a specific pattern may be registered instead of the encryption key.

[6] In the present invention, in the above-mentioned [5], when the plaintext is registered in the center from the user terminal without performing the cryptographic processing, the cryptographic key is not added with the identifier of the cryptographic key. Then, the receiving-side user terminal may process the received ciphertext as ciphertext or plaintext depending on whether the ciphertext identifier is added to the received ciphertext.

[7] In the present invention according to any one of the above [1] to [6], the user terminal has a function of generating user analysis information by analyzing the user identification information, and the center is User analysis information is registered in advance, the receiving user terminal identifies the user by using the user analysis information instead of the user identification information, and accesses the ciphertext and the encryption key. To the center.

[8] In the present invention, in any one of the above [1] to [7], an encryption key with the center is preset for each user terminal, and the plaintext is used as the encryption process. Not only does the encryption key change each time encryption processing is performed,
Furthermore, the encryption key can be changed for each user terminal to perform multi-step encryption processing.

[0018]

[9] In the present invention according to any one of the above [1] to [8], a plurality of user terminals have a common codebook that stores a plurality of random numbers, and the encryption key is provided in the center. Register an algorithm indicating a method of combining random numbers of the codebook from the sending user terminal, input the algorithm at each sending user terminal, and generate an encryption key from the codebook. Then, the encryption processing is performed, and when the center identifies the receiving-side user terminal as a user, the access is controlled by sending the algorithm.

[10] In the present invention, the above

In [9],
Each user terminal is connected to the external storage medium recording the codebook, and the codebook can be input from the external storage medium during the encryption processing and the decryption processing.

[11] In the present invention, the above [1] to [1]
[0], the center is divided into a ciphertext management center and a cipher key management center, and each center separately manages access to the ciphertext and the cipher key and uses the sender side. When the plaintext is encrypted by the person terminal, the ciphertext identifier is added to the ciphertext, the ciphertext is registered in the ciphertext management center, and the cipher key is registered in the cipher key management center. When the plaintext is accessed from the receiving user terminal, first the ciphertext is accessed to the ciphertext management center, and then the cipher key corresponding to the identifier added to the ciphertext is used for the cipher key management. You can access the center.

[0021]

FIG. 1 shows a schematic configuration of a secret information communication system according to the present invention. A center 1 accommodating a ciphertext 4 and an encryption key 5 has a plurality of user terminals 21.
2N are connected via communication lines (communication channels) 11 to 1N, and the center 1 further includes a plurality of users a to.
The user identification information 2 of the user group 30 composed of z is stored in advance.

The user a uses the user terminal 21, for example, in plain text 2
When 13 is encrypted and stored in the center 1, in the user terminal 21, the encryption processing unit 214, the encryption generation unit 2
The plaintext 213 is cryptographically processed with the cryptographic key generated from the code 15, and the ciphertext and the cryptographic key are transmitted to the center 1 via the line interface 210.

At this time, the user terminal 21 also transmits the user management information 212 indicating which user of the user group 30 can use the ciphertext.

The center 1 stores the ciphertext 4, the encryption key 5 and the user management information 3 received via the line interface 6.

When the user b tries to reproduce the plaintext 217 from the user terminal 22, for example, when the user b issues an access request for the ciphertext 4 and the encryption key 5 from the user terminal 22 to the center 1, User terminal 22 in Center 1
From the user b to input the user identification information 211 of the user b, the user management information 3 allows the user b to use the ciphertext 4, and the user identification information 2 and the user identification for the user b. Only when the information 211 matches, the ciphertext 4 and the cipher key 5 are transmitted to the user terminal 22 via the line interface 6.

In the user terminal 22, the decryption processing unit 216 decrypts the ciphertext and the encryption key received via the line interface 210 to obtain a plaintext 217.

Since the center 1 and all the user terminals 21 to 2N have the above-mentioned functions, the center 1
In, it is possible to share information from a plurality of user terminals, provide information to a plurality of user terminals, prevent unauthorized access to the information, and protect the confidentiality of the information.

FIG. 2 shows a configuration example (1) of the secret information communication system according to the present invention. In the conceptual diagram of the configuration of FIG. 1, the configuration of the center 1 and the user terminals 21, 22 is specifically shown. Is shown in. The user terminals 21, 2
2 is shown only as a representative.

In this embodiment, the center 1 is composed of a user authentication processing unit 7, a ciphertext accommodation unit 8, an encryption key accommodation unit 9 and a line interface 6, and the user authentication processing unit 7 uses A user identification information accommodating section 71 for accommodating the person identification information 2, a user management information accommodating section 72 for accommodating the user management information 3, and a user ID information 2 and a user sent from the user management information 3 A user authentication unit 73 that authenticates the person identification information 74.

The ciphertext accommodating section 8 accommodates the ciphertext 4 and the cipher key accommodating section 9 accommodates the cipher key 5.
The reception processing unit 61 includes a reception interface unit 610, and the transmission processing unit 62 includes a transmission interface unit 620.

Here, the reception interface unit 610 and the transmission interface unit 620 are the same as the line interface 6
Is equivalent to.

Further, in the user terminals 21 and 22, the user identification processing section 221 and the line interface 21 are provided.
0, a plaintext input unit 228, a plaintext storage unit 229, a plaintext output unit 230, and an encryption key generation processing unit 231.

Of these, the user identification processing section 221 inputs the user identification information 211 and the user identification information input section 22.
2 and a user management information input unit 223 for inputting the user management information 212.

Further, the encryption key generation processing section 231 includes an encryption key generation section 215 which generates an encryption key 232.
The transmission processing unit 224 includes a transmission interface unit 226 and an encryption processing unit 214, and a reception processing unit 225.
Is composed of a reception interface unit 227 and a decoding processing unit 216.

Here, the transmission interface unit 226 and the reception interface unit correspond to the line interface 210.

[1] Utilization of the user group 30 by using the operation example of the confidential information communication system according to the present invention (1) based on the configuration example (1) shown in FIGS. 1 and 2 as described above. The person a registers the ciphertext and the cipher key from the sending user terminal 21 in the center 1, and the user b accesses the ciphertext and the cipher key from the center 1 via the receiving user terminal 22 to reproduce the plaintext. The case will be described below with reference to FIGS. 3 to 6.

(1) First, in the user authentication processing section 7 of the center 1, the user identification information 2 of the user group 30 is stored in advance in the user identification information accommodating section 71.

(2) Sending side user terminal 2 by user a
Input from the plaintext input unit 228 of No. 1 (step S1 in FIG. 4)
The encrypted plaintext 213 is stored in the plaintext storage unit 229 and then encrypted by the encryption processing unit 214 using the encryption key generated by the encryption generation unit 215 (this may be input as shown in step S2). After processing (step S4), the ciphertext 2 is sent to the communication line 10 via the transmission interface unit 226.
41 and the encryption key 232 (see FIG. 3).

(3) When sending the ciphertext 241 to the communication line 10 via the transmission interface unit 226, the user management information 212 is input from the user management information input unit 223 (step S3), and the transmission interface unit 226 is entered. Via the communication line 10.

(4) In the center 1, the communication line 1
The encrypted text 241, the encryption key 232, and the user management information 212 received from 0 through the reception interface unit 610 are
The ciphertext accommodating unit 8, the cipher key accommodating unit 9, and the user management information accommodating unit 72 are accommodated as ciphertext 4, cipher key 5 and user management information 3 (see FIGS. 1 and 2) (step S).
5 to S7).

(5) After that, the user b sends the ciphertext and ciphertext selection information 244 indicating the access request for the ciphertext and the cipher key from the receiving user terminal 22 to the center 1 (step S21 in FIG. 5). The user 1 issues a request for inputting the user identification information of the user b to the user terminal 22 and executes the user verification process (step S22).

(6) That is, the user b is the user terminal 2
2 user identification information input unit 222 to user identification information 2
11 is input together with the user name (ID) 245 (steps S221 and S224 in FIG. 6) and sent to the center 1.

(7) In the user authentication section 73 of the center 1, the user b (247) can use the ciphertext in the user management information 3 registered in the user management information accommodating section 72. Moreover, the user identification information 2 and the user terminal 21 of the user b registered in the user identification information accommodating section 71.
Only when the user identification information 211 (74) sent from the user agrees (steps S222 and S225), the access permission of the ciphertext 4 and the cipher key 5 is given to the ciphertext accommodating unit 8 and the cipher key accommodating unit 9, respectively. Issue, ciphertext 4 and encryption key 5
Is transmitted to the user terminal 22 via the transmission interface unit 620 and the communication line 10 (steps S23 and S2).
4).

(8) At the user terminal 22, the ciphertext 242 and the cipher key 2 received from the reception interface unit 227.
The decryption processing unit 216 performs decryption processing using 43 (step S25) to obtain the plaintext 217, and the plaintext output unit 230 outputs the plaintext 217 via the plaintext storage unit 229 (step S26).

[2] FIGS. 7 to 9 show an operation example of the secret information communication system according to the present invention (2) using the configuration example (1) of FIGS. 1 and 2. In the example,
As shown in FIG. 7, the embodiment of FIG. 3 showing the above [1] is different in that the user terminals 21 and 22 use the cipher key identifiers 250 and 251 for the cipher texts 241 and 242, respectively.

That is, when the center 1 separately manages access to the ciphertext 4 and the cipher key 5, and the transmission processing unit 224 of the user terminal 21 performs the ciphertext processing of the plaintext (step S4),
The ciphertext identifier 251 corresponding to the cipher key 232 is added to the ciphertext 241 (step S8), and the ciphertext 4 and the cipher key 5 are respectively registered in the ciphertext accommodation unit 8 and the cipher key accommodation unit 9 of the center 1. .

When the plaintext 217 is obtained from the user terminal 22, the ciphertext 4 is first set by the ciphertext selection information 244.
To the center 1 (steps S21 to S2
3).

The user terminal 22 that obtained the ciphertext 4 (242)
Then, the identifier 251 of the encryption key 5 is extracted from the ciphertext 4 (step S27 in FIG. 9), and the encryption key 5 corresponding to the extracted identifier 251 is accessed to the center 1 (step S27).
28, S29) and read (step S24).

As a result, from the center 1 to the user terminal 2
When the ciphertext and the cipher key are transmitted to 2, the ciphertext and the cipher key are not simultaneously transmitted through the communication line 10, and the influence of information leakage during the transmission can be reduced.

[3] FIGS. 10 to 12 show an operation example of the secret information communication system according to the present invention (3) using the configuration example (No. 1) of FIGS. In the example, as shown in FIG. 10, in the embodiment of FIG. 3 showing the above [1], the ciphertexts 4, 4 at the center 1 and the user terminal 22 are used.
242 for the encryption key identifiers 111 and 251 respectively
Is different.

That is, the ciphertext 4 and the cipher key 5 registered in the center 1 are separately managed for access, and when the ciphertext 4 is registered in the center 1, the ciphertext identifier 111 is added to the ciphertext 4. (Step S9 in FIG. 11), the ciphertext 4
And the encryption key 5 are registered in the ciphertext accommodation unit 8 and the encryption key accommodation unit 9 of the center 1, respectively.

When the plaintext is obtained from the user terminal 22, the ciphertext is first accessed to the center 1 (steps S21 to S23 in FIG. 12), and then the cipher key identifier 251 added to the ciphertext 242 is extracted. Yes (step S27).

The encryption key 5 corresponding to the extracted encryption key identifier 251 is accessed to the center 1 (step S2
8, S29) and read (step S24).

As a result, from the center 1 to the user terminal 2
When the ciphertext and the cipher key are transmitted to 2, the ciphertext and the cipher key are not simultaneously transmitted through the communication line 10, and the influence of information leakage during the transmission can be reduced.

[4] FIGS. 13 and 14 show FIGS.
3 shows an operation example of the secret information communication system according to the present invention (4) using the configuration example (1) of FIG. 3, and in this embodiment, as shown in FIG. In the embodiment, the encryption key generating unit 21 of the sending user terminal 21
5 has a random number generation function and uses a random number 270 generated by the encryption key generation unit 215 as the encryption key 232.

That is, in the sending user terminal 21, the cryptographic key generation unit 215 generates a random number 270 to obtain the cryptographic key 232 (step S11 in FIG. 14), and the cryptographic process is performed as described above (step S4). ing.

Thus, in the user terminal 21, the users a and b perform the encryption process and the decryption process without being aware of the encryption key, so that the encryption key can be prevented from leaking between users.

[5] FIGS. 15 and 16 show FIGS.
3 shows an operation example of the secret information communication system according to the present invention (5) using the configuration example (1). The operation conceptual diagram is the same as that of the embodiment of FIG. 3 showing [1] above. is there.

However, when the plaintext is cryptographically processed, whether the cryptographic processing section 214 performs the cryptographic processing to register the ciphertext 241 from the user terminal 21 into the cipher accommodating section 8 of the center 1 (see FIG. 1).
5, steps S12, S2, S4), and the cryptographic processing unit 21.
User terminal 2 in plain text 213 without encryption processing in 4
1 is registered in the ciphertext storage unit 8 of the center 1, or the transmission processing unit 224 of the user terminal 21 has a function of selecting whether to register the plaintext without any encryption processing from the user terminal 21 to the center 1. If yes, encryption key 232 (5)
Instead of, a signal of a specific pattern (such as "all0") is registered (step S13).

The reception processing section 225 of the receiving side user terminal 22.
Then, it is determined whether the encryption key 5 (243) is a specific pattern (step S32 in FIG. 16), and the encryption key 5 (24)
When 3) matches the specific pattern, the decryption processing in the decryption processing unit 216 (step S25) is omitted and the plain text 217 is output as it is (step S26).

Note that the ciphertext storage units 8 and 229 can be called information file storage units in the sense that they store plaintexts that are not encrypted.

Thus, the user can select whether or not to perform the cryptographic processing depending on the importance of the plaintext.

[6] FIGS. 17 and 18 show FIGS.
This shows an operation example of the secret information communication system according to the present invention (6) using the configuration example (1) of (1). This operation conceptual diagram is the same as the embodiment of FIG. 3 showing [1] above. is there.

Then, the plaintext is cryptographically processed and registered in the ciphertext accommodating section 8 of the center 1 from the user terminal 21 (steps S12, S2 and S4 in FIG. 17), or the plaintext is not processed by the user as is. When the transmission processing unit 224 of the user terminal 21 has a function of selecting whether to register from the terminal 21 to the center 1, the ciphertext 24
The identifier of the encryption key 232 is added to 1 (step S8),
When the plain text is registered in the center 1 from the user terminal 21 without performing the cryptographic process, the ciphertext (information file) is registered without adding the encryption key identifier.

In the reception processing section 225 of the user terminal 22,
It is determined whether or not the encryption key identifier is added to the ciphertext (or information file) received from the center 1 (see FIG.
8 step S33), if added, the identifier of the encryption key is extracted from the ciphertext and accessed by the encryption key as in the embodiment of FIG. 9 (steps S27 to S29, S).
24), the decryption process is performed (step S25), but if not added, the decryption process (step S25) is omitted and the plain text is output as it is (step S26).

Thus, the user can select whether or not to perform the cryptographic processing depending on the importance of the plaintext.

[7] FIGS. 19 to 21 show an operation example of the secret information communication system according to the present invention (7) using the configuration example (1) of FIGS. 1 and 2. In the configuration example of FIG. 2, the user identification information accommodation unit 7 of the center 1
The user analysis information accommodating section 71 is used in place of 1, and the user identification information analyzing section 233 (illustrated by a dotted line in FIG. 2) is added to the user terminals 21 and 22, and the operation conceptual diagram thereof is shown in FIG. In the embodiment of FIG. 3 showing the above [1], the user authentication unit 73 is provided between the center 1 and the user terminal 22.
When the user authenticates, the user analysis information 28 obtained by analyzing the characteristics of the user identification information 211 instead of the user identification information 211.
The difference is that 0 is transmitted.

That is, when the center 1 and the user terminal 22 perform the user collation process (step S34) in the operation flowchart of FIG. 20, the user identification information 211 is displayed in the user terminal 22 as shown in FIG. After inputting (step S344), this user identification information 2
11 is analyzed by the user identification information analysis unit 233 (step S345) and sent to the center 1. The center 1 compares the user analysis information 281 registered in advance to enable access when the two match. (Step S34
6).

As a result, the amount of information transmitted for user identification can be reduced.

[8] FIG. 22 shows a configuration example (No. 2) of the confidential information communication system according to the present invention. In this example, in the configuration example (No. 1) shown in FIG. 1, the decryption processing unit 611 for each terminal is provided in the reception processing unit 61, the encryption processing unit 621 for each terminal is provided in the transmission processing unit 62, and the encryption key generation processing unit including the encryption key accommodation unit 9 instead of the encryption key accommodation unit 9 is provided. 90, and the user terminal 2
Also in 1 and 22, the transmission processing unit 224 is provided with the terminal-specific encryption processing unit 308, the reception processing unit 225 is provided with the terminal-specific decryption processing unit 310, and the encryption key generation processing unit 231 generates the terminal-specific encryption key 290. The difference is that it includes a separate encryption key generating unit 304.

23 to 26 show an operation example of the secret information communication system according to the present invention (8) using the configuration example (part 2) of FIG. 22, and this embodiment is based on the above [1. ]
In the embodiment shown in FIG. 3, not only is encryption processing performed for each plaintext, but an encryption key with the center 1 is set for each of a plurality of user terminals, and further encryption processing is performed for each terminal. is there.

That is, as shown in FIG. 23, the terminal-specific encryption key 92 is registered in advance in the center 1, and the terminal-specific encryption keys 290a and 290b are registered in the user terminals 21 and 22 in advance.

In this state, the center 1 is shown in FIG.
As shown in FIGS. 24 to 26, which show an operation flowchart similar to the operation flowchart shown in FIG. 6, all the signals transmitted between the user terminal and the center 1 are encrypted and decrypted for each terminal. .

As a result, it is possible to prevent the ciphertext, the encryption key and the user identification information from leaking during the transmission of the communication line 10.

[0075]

[9] FIGS. 27 to 29 show the present invention (9) in which a portion indicated by a dotted line is added to the configuration example (part 2) of FIG. 22.
The operation example of the confidential information communication system according to
In this embodiment, a codebook accommodating section 301 and a cryptographic key generation algorithm generating section 306 for generating the cryptographic key generating algorithm 301 are added to the cryptographic key generating processing section 231 of the user terminals 21 and 22, and further, the center 1 An encryption key generation algorithm accommodating section 93 is added to the encryption key generation processing section 90.

That is, in the configuration of FIG. 2, instead of the encryption key accommodation unit 9 of the center 1, the encryption key generation algorithm accommodation unit 9 is used, and the encryption key generation unit 215 in the encryption key generation processing unit 231 of the user terminals 21 and 22. Instead of the encryption key generation unit 215, the encryption key generation algorithm generation unit 30
6 and the codebook accommodation unit 301 are added.

At this time, the codebook 300 (see FIG. 27) consisting of a plurality of random numbers is stored in the codebook accommodating section 301 of a plurality of user terminals (user terminals 21 and 22 in this example).
Cryptographic key generation algorithm 3 which is shared in advance and shows how to combine a plurality of random numbers for each plaintext.
01 is generated by the encryption key generation algorithm generation unit 306 of the sending side user terminal 21 (step S15 in FIG. 28), and the encryption key generation unit 215 generates a plurality of random numbers in the codebook 300 according to the encryption key generation algorithm 301. An encryption key 232 is generated in combination (step S16), and encryption processing is performed (step S4).

However, the encryption key 232 itself is not transmitted, but instead the encryption key generation algorithm 301 is transmitted between the user terminal 21 and the center 1, and the encryption key generation algorithm accommodating section 9 of the center 1 generates the encryption key. The algorithm 301 is stored (step S17).

Then, the receiving user terminal 22 accesses the center 1 with this encryption key generation algorithm 301 (step S35 in FIG. 29), and the code book 30
0 to generate an encryption key 232 (step S3
6), the decoding process (step S25) is performed.

In this embodiment as well, plain text can be treated as an information file when encryption processing is not performed, as in the above embodiment.

As a result, the user terminal that does not share the codebook in advance cannot decrypt the ciphertext, and information leakage from other user terminals can be prevented.

[10] Above

In the embodiment of [9], the codebook 300 is recorded in an external storage medium, and the codebook accommodating section 301 of the user terminals 21 and 22 has an input function from the external storage medium. At this time, the codebook may be input from the external storage medium.

As a result, in the user terminal which does not have the external storage medium in which the codebook is stored in advance,
The encrypted text cannot be decrypted, and information leakage from other user terminals can be prevented.

[11] FIG. 30 shows a configuration example (3) of the confidential information communication system according to the present invention. The center 1 described above is a center 1A for ciphertext management and a center 1A for cipher key management. It is divided into the center 1B, and the user terminals 21 and 22 separately manage access to the ciphertext and the cipher key at each center via the communication lines 10A and 10B. Although not shown, the structures of these centers 1A and 1B are the same as those shown in FIG.

However, the cipher key accommodation unit 9 may not be provided in the center 1A, and the ciphertext accommodation unit 8 may not be provided in the center 1B.

31 and 32 show an operation example of the secret information communication system according to the present invention (11) using the configuration example (part 3) of FIG. 30. In this embodiment, the sender side is used. When the plaintext is encrypted by the transmission processing unit 224 of the person terminal 21 (steps S1 to S4 in FIG. 31), the ciphertext identifier is added to the ciphertext (step S8) to store the ciphertext in the ciphertext of the center 1A. Register in section 8 (step S5)
S6).

Further, the encryption key is registered in the encryption key accommodating portion 9 of the center 1B (steps S50, S7).

When the plaintext is obtained from the receiving user terminal 22, the ciphertext is first accessed to the center 1A (steps S21 to S23 in FIG. 32), and then the identifier of the cipher key added to the ciphertext is extracted. Then, the encryption key corresponding to this identifier is accessed to the center 1B (steps S28, S29, S24 to S26).

As a result, the ciphertext and the cipher key are registered in different centers and managed separately, so that the plaintext cannot be taken out only by improperly accessing one of the centers, so that the confidentiality of information can be further increased. it can.

[0090]

As described above, according to the confidential information communication system of the present invention, when the sending user terminal registers the user's ciphertext and the encryption key in the center, the receiving user terminal sends When accessing the ciphertext and the encryption key to the center, the user identification information of the user of the receiving-side user terminal is transmitted according to a request from the center,
The center allows the receiving side user to access the ciphertext with the user management information from the sending side user terminal, and the registered user identification information and the receiving side user. Since it is configured to allow access to the ciphertext and the encryption key when the user identification information input from the terminal is collated and matched, it is possible to share information from multiple information sources and Only users who are authorized to access the center can access the encrypted text and encryption key, and prevent unauthorized access to information.

[Brief description of drawings]

FIG. 1 is a block diagram showing a schematic configuration of a secret information communication system according to the present invention.

FIG. 2 is a block diagram showing a specific configuration example (No. 1) of the confidential information communication system according to the present invention.

FIG. 3 is a block diagram showing an operation concept of the secret information communication system according to the present invention (1).

FIG. 4 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (1).

FIG. 5 is an operational flowchart (part 2) of the confidential information communication system according to the present invention (1).

FIG. 6 is an operational flowchart (part 3) of the confidential information communication system according to the present invention (1).

FIG. 7 is a block diagram showing an operation concept of the confidential information communication system according to the present invention (2).

FIG. 8 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (2).

FIG. 9 is an operational flowchart (part 2) of the confidential information communication system according to the present invention (2).

FIG. 10 is a block diagram showing an operation concept of a secret information communication system according to the present invention (3).

FIG. 11 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (3).

FIG. 12 is an operational flowchart (part 2) of the confidential information communication system according to the present invention (3).

FIG. 13 is a block diagram showing an operation concept of the confidential information communication system according to the present invention (4).

FIG. 14 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (4).

FIG. 15 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (5).

FIG. 16 is an operational flowchart (part 2) of the confidential information communication system according to the present invention (5).

FIG. 17 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (6).

FIG. 18 is an operation flowchart diagram (2) of the confidential information communication system according to the present invention (6).

FIG. 19 is a block diagram showing an operation concept of the confidential information communication system according to the present invention (7).

FIG. 20 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (7).

FIG. 21 is an operational flowchart (part 2) of the confidential information communication system according to the present invention (7).

FIG. 22 is a block diagram showing a specific configuration example (No. 2) of the confidential information communication system according to the present invention.

FIG. 23 is a block diagram showing an operation concept of the confidential information communication system according to the present invention (8).

FIG. 24 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (8).

FIG. 25 is an operational flowchart (part 2) of the confidential information communication system according to the present invention (8).

FIG. 26 is an operation flowchart diagram (3) of the confidential information communication system according to the present invention (8).

FIG. 27 is a block diagram showing an operation concept of the confidential information communication system according to the present invention (9).

FIG. 28 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (9).

FIG. 29 is an operation flowchart diagram (2) of the confidential information communication system according to the present invention (9).

FIG. 30 is a block diagram showing a specific configuration example (No. 3) of the confidential information communication system according to the present invention.

FIG. 31 is an operation flowchart diagram (1) of the confidential information communication system according to the present invention (11).

FIG. 32 is an operation flowchart diagram (2) of the confidential information communication system according to the present invention (11).

[Explanation of symbols]

 1, 1A, 1B ... Center 2 ... User identification information 3 ... User management information 4 ... Ciphertext 5 ... Cryptographic key 6 ... Line interface 7 ... User authentication processing unit 8 ... Ciphertext storage unit 9 ... Cryptographic key storage unit 10, 11-1N ... Communication lines 21, 22-2N ... User terminal 211 ... User identification information 212 ... User management information 213, 217 ... Plain text, 214 ... Cryptographic processing unit 215 ... Cryptographic key generating unit 216 ... Decryption processing Part 221 ... User identification processing part 228 ... Plain text input part 229 ... Plain text accommodation part 230 ... Plain text output part 30 ... User group 90, 231 ... Cryptographic key generation processing part 306 ... Cryptographic key generation algorithm generating part 93 ... Cryptographic key generation Algorithm accommodating section In the drawings, the same reference numerals indicate the same or corresponding parts.

 ─────────────────────────────────────────────────── ─── Continuation of the front page (72) Eiji Ishida 3-2-1 Sakado, Takatsu-ku, Kawasaki City, Kanagawa Prefecture Fujitsu Network Engineering Co., Ltd. (72) Junichi Yokoyama 3-chome, Sakado, Takatsu-ku, Kawasaki City, Kanagawa Prefecture 2-1 Inside Fujitsu Network Engineering Co., Ltd. (72) Inventor Kiyoshi Watanabe 3-2-1 Sakado, Takatsu-ku, Kawasaki City, Kanagawa Prefecture Fujitsu Network Engineering Co., Ltd.

Claims (11)

[Claims] 1. A user terminal having a user management information input function for limiting a user who can access a ciphertext and an encryption key from a plurality of users, and a plaintext encryption processing function and a decryption processing function. , A center in which the user identification information corresponding to each user is registered in advance, and when the user's ciphertext and encryption key are registered in the center from the sending user terminal, the receiving user terminal When accessing the ciphertext and the encryption key to the center, the user identification information of the user of the receiving-side user terminal itself is transmitted according to a request from the center, and the center sends the transmitting-side user. The ciphertext can be accessed by the receiving side user with the user management information from the terminal, and the registered user identification information and the user identification information input from the receiving side user terminal Illuminate If a match to, secret information communication system and permits access dark ciphertext and encryption key. 2. The ciphertext according to claim 1, wherein the center separately manages access to the ciphertext and the cipher key, and when the sender user terminal cryptographically processes a plaintext, the ciphertext has the cipher key. When the plaintext is obtained from the receiving-side user terminal by registering with the identifier of, the ciphertext is first accessed to the center, and then the ciphertext is added to the identifier. A secret information communication system characterized in that the corresponding encryption key is accessed to the center. 3. The ciphertext according to claim 1, wherein the center separately manages access to the ciphertext and the ciphertext, and when the ciphertext from the sending user terminal is registered, the ciphertext of the ciphertext is added to the ciphertext. When the plaintext is obtained from the receiving side user terminal by adding an identifier, the ciphertext is first accessed to the center, and then the encryption key corresponding to the identifier added to the ciphertext is used. A secret information communication system characterized by accessing the center. 4. The user terminal according to claim 1, wherein the user terminal has a random number generation function, and the sending user terminal generates and uses the random number instead of the encryption key. And confidential information communication system. 5. The method according to any one of claims 1 to 4, wherein the plaintext is encrypted and registered from the sender user terminal to the center, or the plaintext is registered without the cryptographic processing. When the user terminal has a function of selecting, and when the plaintext is registered from the sending user terminal to the center without performing the encryption processing, a signal of a specific pattern is registered instead of the encryption key. A secret information communication system characterized by the above. 6. The method according to claim 5, wherein the plain text is registered in the center from the user terminal without performing the encryption process.
It is performed without adding the identifier of the encryption key to the ciphertext, and the receiving user terminal determines the ciphertext or the plaintext depending on whether the ciphertext identifier is added to the received ciphertext. A confidential information communication system characterized by processing. 7. The user terminal according to any one of claims 1 to 6, wherein the user terminal has a function of generating user analysis information by analyzing the user identification information, and the center registers the user analysis information in advance. The receiving user terminal identifies the user by using the user analysis information instead of the user identification information, and accesses the ciphertext and the encryption key to the center. A secret information communication system characterized by the above. 8. The encryption key according to any one of claims 1 to 7, wherein an encryption key with the center is preset for each user terminal, and the plaintext is encrypted every time the encryption process is performed. A secret information communication system characterized in that not only the key is changed but also the encryption key is changed for each user terminal to perform multi-step encryption processing. 9. The method according to claim 1, wherein a plurality of user terminals have a common codebook storing a plurality of random numbers, and the encryption key is registered in the center. An algorithm indicating a method for combining random numbers of the codebook is registered in the sender user terminal, the algorithm is input to each sender user terminal, an encryption key is generated by the codebook, and the encryption is performed. A secret information communication system, characterized by performing processing and transmitting access to the algorithm when the center identifies the receiving side user terminal as a user. 10. The user terminal according to claim 9, wherein each user terminal is connected to the external storage medium in which the codebook is recorded, and the codebook is input from the external storage medium during the encryption processing and the decryption processing. A secret information communication system characterized by the above. 11. The method according to any one of claims 1 to 10,
The center is divided into a ciphertext management center and a cipher key management center. Each center separately manages access to the ciphertext and the cipher key, and the sender user terminal encrypts the plaintext. In this case, the ciphertext identifier is added to the ciphertext, the ciphertext is registered in the ciphertext management center, and the cipher key is registered in the cipher key management center. When accessing, the ciphertext is first accessed to the ciphertext management center, and then the cipher key corresponding to the identifier added to the ciphertext is accessed to the cipher key management center. Characterized confidential information communication system.